dc.creator | Márquez Trujillo, Antonio Germán | es |
dc.creator | Galindo Duarte, José Ángel | es |
dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Gómez López, María Teresa | es |
dc.creator | Benavides Cuevas, David Felipe | es |
dc.date.accessioned | 2022-11-02T10:28:20Z | |
dc.date.available | 2022-11-02T10:28:20Z | |
dc.date.issued | 2022 | |
dc.identifier.citation | Márquez Trujillo, A.G., Galindo Duarte, J.Á., Varela Vaca, Á.J., Gómez López, M.T. and Benavides Cuevas, D.F. (2022). Advisory: vulnerability analysis in software development project dependencies. In SPLC 2022: 26th ACM International Systems and Software Product Line Conference (99-102), Graz, Austria: ACM: Association for Computing Machinery. | |
dc.identifier.isbn | 978-1-4503-9206-8 | es |
dc.identifier.uri | https://hdl.handle.net/11441/138586 | |
dc.description.abstract | Security has become a crucial factor in the development of software systems. The number of dependencies in software systems is becoming a source of countless bugs and vulnerabilities. In the past, the product line community has proposed several techniques and mechanisms to cope with the problems that arise when dealing with variability and dependency management in such systems. In this paper, we present Advisory, a solution that allows automated dependency analysis for vulnerabilities within software projects based on techniques from the product line community. Advisory first inspects software dependencies, then generates a dependency graph, to which security information about vulnerabilities is attributed and translated into a formal model, in this case, based on SMT. Finally, Advisory provides a set of analysis and reasoning operations on these models that allow extracting helpful information about the location of vulnerabilities of the project configuration space, as well as details for advising on the security risk of these projects and their possible configurations. | es |
dc.description.sponsorship | Ministerio de Ciencia e Innovación PID2020-112540RB-C44 (AETHER-US) | es |
dc.description.sponsorship | Junta de Andalucía P20-01224 (COPERNICA) | es |
dc.description.sponsorship | Junta de Andalucía METAMORFOSIS (US-1381375) | es |
dc.format | application/pdf | es |
dc.format.extent | 4 | es |
dc.language.iso | eng | es |
dc.publisher | ACM: Association for Computing Machinery | es |
dc.relation.ispartof | SPLC 2022: 26th ACM International Systems and Software Product Line Conference (2022), pp. 99-102. | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | Software project | es |
dc.subject | Library | es |
dc.subject | Dependency | es |
dc.subject | Vulnerability | es |
dc.subject | CVE | es |
dc.subject | Security | es |
dc.subject | Verification | es |
dc.subject | Risk | es |
dc.subject | Impact | es |
dc.title | Advisory: vulnerability analysis in software development project dependencies | es |
dc.type | info:eu-repo/semantics/conferenceObject | es |
dcterms.identifier | https://ror.org/03yxnpp24 | |
dc.type.version | info:eu-repo/semantics/submittedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | PID2020-112540RB-C44 (AETHER-US) | es |
dc.relation.projectID | P20-01224 (COPERNICA) | es |
dc.relation.projectID | METAMORFOSIS (US-1381375) | es |
dc.relation.publisherversion | https://dl.acm.org/doi/10.1145/3503229.3547058 | es |
dc.identifier.doi | 10.1145/3503229.3547058 | es |
dc.contributor.group | Universidad de Sevilla. TIC-258: Data-centric Computing Research Hub | es |
dc.publication.initialPage | 99 | es |
dc.publication.endPage | 102 | es |
dc.eventtitle | SPLC 2022: 26th ACM International Systems and Software Product Line Conference | es |
dc.eventinstitution | Graz, Austria | es |
dc.relation.publicationplace | New York, USA | es |
dc.contributor.funder | Ministerio de Ciencia e Innovación (MICIN). España | es |
dc.contributor.funder | Junta de Andalucía | es |